Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Fixed

Organization profile connector hindered by read-only nature of record IDs

Matthew Clark 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 37

It appears the organization profile connector currently only works in environments where OUs are added sequentially with sequential IDs.

SharePoint has a “RecordId” field which is a unique identifier for an organization profile. This is also used to manage the hierarchy, with organization profiles having a parent property which contains the RecordId of the parent. However, this field is readonly in SharePoint, meaning that we have no control over its value, and to ensure the hierarchy is correct, the parent values would need to be updated for the organization profiles after an initial export. Currently, the mapping is only correct if SharePoint happens to generate an ID which is the same as the one from the source system.

The connector must be revisited to handle this behaviour.

Current work is around testing the addition of two fields to SharePoint and the FIM metaverse for handling this mapping as follows, making use of the export control of reference values. From an earlier email:

The issue of course here is that the record ID is not known prior to the creation of the organization in SharePoint, and a two-pass approach is required. However, if the field was configured as a reference instead you could assume that you would have already exported the parent and have its correct SharePoint ID, meaning you wouldn’t have to do all your adds and then all your updates on a second FIM export. This would, however, mean that the solution would need to configure the hierarchy as a reference (if it hadn’t already). In order for joins to work successfully, we’ll likely need to flow this information back into the MA.


AdapterEngine.extensibility.config.xml
ConnectorEngine.extensibility.config.xml
Conversation with Adam van Vliet Matthew Clark.msg
IDBSP-44 - Attribute Flows in SharePoint Org MA.png
orgDb.png
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
0
Fixed

Unable to read from SharePoint Lists since export of 37K+ items

Boyd Bostock (BCE) 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 71

Unable to Import from the 2 of the SharePoint Connectors since provisioning 37K+ Parents (Error is below).

In order for the SharePoint Export to work the Title attribute in the External Users list was changed from Required = True to False.

C:\Program Files\UNIFY Solutions\Services\Extensibility\ConnectorEngine.extensibility.config.xml.
Old <field name="Title" required="True" validator="string"/>
New <field name="Title" required="False" validator="string"/>

The Export was successful and parents appear in the IdB Connector and SharePoint List. However I now cannot Import back from SahrePoint.
I have changed the Title requirement back to true, this was not successful.

Error details:
System.Xml.XmlException: '=' is an unexpected token. The expected token is ';'. Line 1, position 56.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.HandleEntityReference(Boolean isInAttributeValue, EntityExpandType expandType, Int32& charRefEndPos)
at System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr)
at System.Xml.XmlTextReaderImpl.ParseAttributes()
at System.Xml.XmlTextReaderImpl.ParseElement()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.ParsePartialContent(XmlNode parentNode, String innerxmltext, XmlNodeType nt)
at System.Xml.XmlLoader.LoadInnerXmlElement(XmlElement node, String innerxmltext)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.<GetListItems>d__6.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPoolT(IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Framework.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Framework.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Framework.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.MutexJobDecorator.Run()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal


bce.saz
Logs + dot net logs.zip
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Logs.zip
UnifyLog20120528.zip
UnifyLog20120604.zip
UnifyLog20120605.zip
UnifyLog20120605.zip
0
Answered

SharePoint Broker: Deleting Users with checked out resources

Peter Wass 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 10

When deleting a user, what will occur if the user has resources (eg a document) checked out in SharePoint. When using the standard web interface it fails. Can you describe the Broker process (will it just fail and return an error?)

0
Fixed

SharePoint 2010 User Profile Service cannot import larger numbers of users by default

Matthew Clark 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 7

When attempting to retrieve user profiles from SharePoint 2010, the following error was thrown on the SharePoint side. Note that this is from a WCF trace on the SharePoint side - the error message thrown to Identity Broker is not at all helpful:

There was an error while trying to serialize parameter http://www.unifysolutions.net/IdentityBroker/SharePoint:GetProfilePageResult. The InnerException message was 'Maximum number of items that can be serialized or deserialized in an object graph is '65536'. Change the object graph or increase the MaxItemsInObjectGraph quota. '.  Please see InnerException for more details.

Error thrown to Identity Broker:

Error occurred in module: Change detection engine

Change detection engine poll for connector SharePoint 2010 User Profile Connector failed with reason An error occurred while receiving the HTTP response to http://c21sharepoint/_vti_bin/unify/userprofile.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.. Duration: 00:01:13.9003906
Error details:
System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://c21sharepoint/_vti_bin/unify/userprofile.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Unify.Communicators.UserProfileManager.ISharePoint2010UserProfileService.GetProfilesByName(String[] accountNames)
   at Unify.Connectors.SharePoint2010UserProfileConnector.GetEntities(IEnumerable`1 entityIds)
   at Unify.Framework.ConnectorToPollingConnectorBridge.GetEntities(IEnumerable`1 entityIds)
   at Unify.Framework.EventNotifierReadingConnectorDecoratorBase`1.GetEntities(IEnumerable`1 entityIds)
   at Unify.Framework.ChangeDetectionPollJob.RunBase()
   at Unify.Framework.MutexJobDecorator.Run()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)

The workaround is to decrease the number of users retrieved from SharePoint at a time using the bulkPageSize property of the communicator. However, the above attribute should be changed programmatically in the WCF service itself. SharePoint 2010 allocates a dynamic schema to all custom WCF services - see http://msdn.microsoft.com/en-us/library/ff521586.aspx.

0
Fixed

SharePoint 2010 List connector failing scheduled polling imports and large lists

Paul Barratt 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 65
0
Completed

SharePoint web service connectors not using Framework communicators

Matthew Clark 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 3

When non-custom credentials are selected for the 2007 User Profile connector, an error appears during schema retrieval - "Value cannot be null: userCredentials". No other additional information logged. Unsure whether this is connector specific or from the Framework Web Communicator.

Edit:
This is because the connector is not using the web service from Framework.

The list web service has the same problem.

0
Fixed

Review SharePoint 2010 User Profile tooltips

Tony Sheehy 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 1

Currently the UserName/Password tooltips refer to "credntials", and the Enforce SID History is just "EnforceSIDHistory".

0
Answered

SharePoint configuration wizard should highlight fields that are marked as Choice List types

Matthew Clark 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 4

Choice List types can cause some issues in an identity management solution - see the troubleshooting information. It would therefore be helpful if the SharePoint Connector Configuration wizard could highlight fields that are marked as choice list fields (as simple as checking the ChoiceTypes enum of the attribute's PropertyInfo when retrieving the schema).

Moreover, if the choice list is marked as "Closed", the field could be marked as readonly in the schema - see http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.choicetypes.aspx. This could also be done by default in order to prevent new choices from being added when the property is not set to "Open" - although this would prevent updates of the field to other valid options for the user. Some further investigation into appropriate behaviour in this case should be carried out.

Estimate includes familiarization with UI, formatting of the XSL, and testing.

0
Fixed

SharePoint 2010 User Profile does not handle ampersands correctly

Matthew Clark 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 9

In a similar vein to issues with MOSS 2007, SharePoint 2010 does not appear to handle symbols correctly. In the latest chris21 demo environment, regular ampersands were being correctly sent to SharePoint as the correct symbol '&'

&amp;

but coming back as the wide Unicode symbol '&'

&#65286;

causing cycling exported-change-not-reimported errors

0
Answered

Filter on SharePoint Connector

Matthew Woolnough 11 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 8 years ago 5

Is it possible to filter out list items from a SharePoint list?

I want to use the EmployeeID in the DN, however it will not be populated initially, which means not all list items will have a value. This will result in errors being thrown & I'd like to avoid this.

If this is not already possible, can you advise on how long it would take to implement.